Author: Shinsuke Honjo

Exploits of the Java Runtime Environment (JRE) have been extensively used in drive-by-download toolkits such as Blackhole and Red Kit. New vulnerabilities discovered in 2013, such as CVE-2013-1493 and CVE-2013-0422, are popular, and we still see lots of older exploits such as CVE-2012-1723, CVE-2012-4681, and CVE-2012-0507. These vulnerabilities are already fixed in the latest JRE. […]

Since last week, we have seen many specially crafted files exploiting CVE-2012-0158, a vulnerability in MSCOMCTL.OCX in Microsoft Office and some other Microsoft products. This exploit can be implemented in a variety of file formats, including RTF, Word, and Excel files. We have already found crafted RTF and Word files in the wild. In the […]

The fake-alert families (bogus or rogue anti-virus software) are one of the most prevalent threats we face, and we see lots of new variants every day. The threat is expanding constantly. For example, a couple of weeks ago, we observed MacDefender/MacProtector, which targeted Mac users, in addition to the usual attacks against Windows users. Today, I’m […]

JustSystem has released an advisory for a new vulnerability discovered in their Japanese word processor called “Ichitaro” in September. The patch for this vulnerability has already been published by the vendor. McAfee Labs has been observing a number of crafted jtd files (detected as Exploit-TaroDrop.i trojan) exploiting this vulnerability since mid-September. Many types of backdoor trojan […]

The other day, I came across a piece of malware that attempts to hide its infection in a way that is not that technical but very unique. “Muster” is a family of backdoors that has been using help files to hide itself. The help files or “.hlp” files are data files designed to be viewed with Microsoft WinHelp […]